05/23/2023, 8:57 PM
Hey all. My company is looking to transition over to SuperTokens. After looking at some things we see that our current auth solution uses PKCE, but it appears that SuperTokens does not support OAuth 2.0 flows, but that does not seem quite right to me. Would someone be able to point me towards the proper documentation to answer this question?
I assume we can implement our own solution if this isn't provided out of the box, but would like any additional context if possible!


05/24/2023, 4:28 AM
hey @EJ. Thanks for the question. I believe that @Adiboi has replied to this on your DM.
Hey! You can implement the implicit flow with supertokens until we release full OAuth 2.0 support (1-2 months time). Let's take an example of two sites - (having the auth form), and
- User visits and they have no session.
- redirects the user to (which uses our frontend & backend SDKs) on On this page, the supertokens SDK will show the auth UI (if you are using our pre built UI), or you can build your own UI (using supertokens-web-js SDK). Either way, you should store the redirect_to query param somewhere. You should also validate that the redirect_to uri value is an allowed one.
- The user logs into as usual and we now have a session on for that user.
- Post session creation, you should redirect the user to (based on the redirect uri) along with the access token - like The access token can be fetched on the frontend from our frontend SDK's function.
- Once on page, you should extract the access token from the query param, and send it to the backend of Let's call this backend
- then verifies the access token using any jwt verification lib (querying the jwks endpoint from the's backend).
- Post access token verification, can create its own session to keep the user logged into that site.

Note that this approach will only work if all the sites are controlled by you. Once we have oauth 2.0 features, you can easily replace this with the standard Auth code grant flow via PKCE / client secret.